Cieslak: Don’t sacrifice security for convenience

Cieslak Frontier

The growing amounts of personal information put online has made things more convenient, but it has also increased both the risk of identity theft and the severity of its consequences, a thought that David Cieslak, chief cloud officer and executive vice president at RKL eSolutions, confesses keeps him up at night.

“As we think of all the work that’s been done, especially during COVID, of migrating so many critical applications to the cloud, what does security look like?” asked Cieslak. 

Cieslak noted that, with the vast array of personal information now available, identity access management is more important than ever. He pointed out that people today can wreak a great deal of havoc with only a little bit of personal information, even if it’s just a login and password somewhere. With what’s available now, people can do things like redirect payments or open a line of credit in someone else’s name. As more sensitive information moves online, like medical records and mortgage documents, the potential for damage has grown even greater. Cieslak pointed out that even biometric data is being digitized, which opens up disturbing possibilities for identity theft. 

“Now, in the name of entertainment, we’ve signed up for things like 23 and Me, those sites where we can trace genealogy,” he noted. “At this point we’re saying what’s truly unique to us is our genetic makeup. If that’s what we’ll use for identity access management, great, but how do we control what we have access to?”

In this respect, hackers won’t just be able to take names, addresses, Social Security numbers and mothers’ maiden names. Soon, Cieslak warned, they will also have fingerprints and retinas, if they don’t already. As time goes on, he sees people turning their very genetic sequences into data, which in turn can be stolen and misused by bad actors. While admitting it might sound far-fetched, he said the possibility of someone completely assuming someone else’s identity, and even locking the real person from their own lives, is one that should be taken seriously. 

“You think of your own DNA and that makes you unique. But wait — we did this whole exercise where people submitted their information and now it’s in some data store somewhere. And someone hacks into it. Now I can masquerade as [you], not only steal your identity but assume your identity. You will say ‘I’m me and I can prove that’ but, sorry, you no longer own that profile,” he said. 

While admittedly an extreme example, he said this is the direction we’re going as we continue to put more sensitive information online. As the amount of data online grows, the amount able to be stolen increases too. The more data someone can have on a person, the more devastating identity theft becomes. In this respect, Cieslak expects the consequences of ID theft to become more severe. 

“As we put more and more of our sensitive information online — both from a quantity perspective as well as a sensitivity perspective — so the damage, if that gets compromised, becomes even more potentially catastrophic,” he said. 

This means the question of how to prove one’s own identity and how to ensure that only certain people can access certain information will get even more important as the years go on. While there are a diverse array of security solutions, the question will always come down to “non-repudiation.” 

“I am who I say I am and that can’t be altered,” he said, adding that risk will continue to go up until someone finds a good solution to this problem. 

Many of the risks come not necessarily from a software perspective but from a mindset among users, namely the prioritization of convenience over security. Too many, he said, are willing to sacrifice the latter in the name of the former, thinking more about everyday use and less about the risks that come embedded in the code.

“You need to think of security first and convenience second, not the other way around. Too often folks are ready to solve a problem, and we need to address and solve problems, sure, but we can’t lose sight of the fact that security still has to lie over it all. So this notion of convenience over security, that’s something that continues to concern me,” he said. 

This story is part of an Accounting Today series called “The Frontier,” where we explore the cutting edge of accounting technology through conversations with thought leaders across the country, who will share with us their observations, hopes, concerns and even a few predictions here and there.

See the rest of the series here.

For reprint and licensing requests for this article, click here.
Technology Cyber security Identity theft Identity verification
MORE FROM ACCOUNTING TODAY